Skip to main content

安装部署 Kubernetes Dashboard

以下是安装部署 Kubernetes Dashboard 的详细步骤:

1. 部署 Kubernetes Dashboard

# 部署最新版 Dashboard (兼容 Kubernetes v1.22+)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

2. 创建管理员服务账户

创建文件 dashboard-adminuser.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

应用配置:

kubectl apply -f dashboard-adminuser.yaml

3. 获取访问令牌

kubectl -n kubernetes-dashboard create token admin-user

复制输出的令牌(Token),用于登录。

4. 访问 Dashboard

方式一:端口转发(临时测试)

kubectl proxy

访问地址:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

方式二:NodePort 暴露服务(生产慎用)

修改服务类型:

kubectl -n kubernetes-dashboard patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}'

获取端口:

kubectl -n kubernetes-dashboard get svc

访问地址:
https://<节点IP>:<NodePort>

5. 登录 Dashboard

  1. 选择 Token 登录方式
  2. 粘贴步骤3获取的令牌
  3. 点击登录

6. 安全建议(生产环境必做)

启用 HTTPS Ingress

示例 Ingress 配置:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-ingress
  namespace: kubernetes-dashboard
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - dashboard.example.com
    secretName: dashboard-tls
  rules:
  - host: dashboard.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443

限制访问IP

kubectl -n kubernetes-dashboard edit svc kubernetes-dashboard

添加 spec.loadBalancerSourceRanges 字段指定允许的IP。

7. 卸载 Dashboard

kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
kubectl delete -f dashboard-adminuser.yaml

常见问题解决

问题1:Token 无效

检查令牌是否过期(默认有效期2小时),重新生成:

kubectl -n kubernetes-dashboard create token admin-user --duration=24h  # 延长有效期

问题2:无法访问

检查防火墙规则:

sudo ufw allow 6443/tcp  # 如果使用NodePort,替换为实际端口

问题3:证书错误

浏览器添加例外,或使用自签名证书:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout dashboard.key -out dashboard.crt -subj "/CN=dashboard.example.com"
kubectl -n kubernetes-dashboard create secret tls dashboard-tls --key=dashboard.key --cert=dashboard.crt

总结3. 常见问题

Q1:

正在运行(如果手动部署)。
  • 检查
    • Dashboard
    操作命令
    启动 Minikubeminikube start --driver=<driver>
    自动部署无法访问 Dashboard minikube
      dashboard(推荐)
    手动部署 Dashboardkubectl apply -f ... +
  • 确保 kubectl proxy
    		•
    获取Minikube 是否正常运行: 
    minikube status

    Q2: Token

    		 无效
    • 确保 ServiceAccount 和 ClusterRoleBinding 已正确创建: 
      kubectl get sa -n kubernetes-dashboard
createkubectl tokenget clusterrolebinding admin-user
    删除

    Q3: Dashboard(插件)

    		 无法加载
    • 尝试重启 Minikube: 
      minikube addonsstop
disableminikube dashboardstart
    删除
    Dashboard(手动)    		kubectl delete -f ... + 清理 ServiceAccount/ClusterRoleBinding

    现在你可以轻松在 Minikube 上部署和管理 Kubernetes Dashboard 了! 🚀

    Back to top